Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 23 March 2005.

2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) ☒ Claim(s) 1-20 is/are pending in the application.

4a) Of the above claim(s) _____ is/are withdrawn from consideration.

5) □ Claim(s) _____ is/are allowed.

6) ☒ Claim(s) 1-20 is/are rejected.

7) □ Claim(s) _____ is/are objected to.

8) □ Claim(s) _____ are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) ☒ The drawing(s) filed on 19 September 2000 is/are: a) ☒ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) □ The proposed drawing correction filed on _____ is: a) □ approved b) □ disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) □ The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§ 119 and 120

13) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) □ All b) □ Some* c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. _____.

3. □ Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

14) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) □ The translation of the foreign language provisional application has been received.

15) □ Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

Attachment(s) 

1) ☒ Notice of References Cited (PTO-892)

2) ☒ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) □ Information Disclosure Statement(s) (PTO-1449) Paper No(s) _____.

4) □ Interview Summary (PTO-413) Paper No(s). _____.

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other:

DETAILED ACTION

Response to Arguments 

1. In response to communications filed on 3/23/2005, for a request to continue examination, 
applicant amends claims 1, 8, 11, and 12. The following claims 1-20 are presented for
examination. 

2. Applicant's arguments, pages 7-17, filed on 3/23/2005, with respect to the rejection of 
claims 1-20 have been fully considered but they are not persuasive. With respect to the 
interview summary, Applicant mentions that the examiner changing the ground of rejection by 
directing the applicant to another citation. This is not considered a new ground of rejection. 
Applicant initiates a phone conversation to argue that Gaul is not considered a prior art and after
being told that the citations are supported in the provisional application, applicant argues about
"the generating step is not supported" examiner points out another passage (page 14) that
provides support which was not argued by applicant (see examiner's interview summary). The 
wording of the examiner's interview was also agreed by applicant. In response to applicant's 
response about page 14 stating that the provisional application may arguably support paragraph 
115, the same wording of paragraph 115 and additional disclosure can also be found on page 41 
of 66 in the provisional application. Applicant has amended the claims to further limit the 
claimed invention. Upon further consideration, a new ground of rejection is made in view of 
Gaul in combination with Greenfield and McGraw.



Claim Rejections - 35 USC §103

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 

3.1 Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
Publication US 2001/0034847 to Gaul, Jr. in view of US Patent 6,438,600 to Greenfield et al 
and in view of Non-Patent Literature: "Secure Computing with Java: Now and the Future" to 
McGraw et al. 

3.2 As per claims 1-3, 5, and 7, Gaul, Jr. discloses remote operation performed by an 
Internet Application Service to complete a vulnerability assessment of the workstation, the 
invention is accomplished over the Internet from a request from client to a web server using a 
web browser interface that meets the recitation of issuing a request for a scanner from a browser 
operating on the workstation to a network server via a computer network and transmitting a 
scanner from the network server to the workstation via the computer network, the scanner 
installable within the browser and operative to complete a vulnerability assessment of the 
workstation, for example (see page 2, paragraphs 0014-0018), which is clearly supported in the
provisional application (pages 12-14); generating workstation credentials in response to the 
scanner conducting the vulnerability assessment of the workstation (page 9, paragraph 115) 
which is found on page (41 of 66) in the provisional application. Gaul, Jr. also discloses using 
an Internet based aspect for the invention to perform vulnerability assessment is an advantage 
because it saves the company time, cost, and labor. It is well known in the art for various Internet
applications to provide services from a server to a workstation as suggested by Gaul, Jr., for
example (see page 2, paragraphs 0014-0018). Although Gaul, Jr. mentions user-server 
authentication, Gaul, Jr. does not explicitly disclose comparing workstation credentials to 
workstation policy to decide whether or not to grant access to the server and if access is granted 
request for credentials associated with user. Greenfield et al in an analogous art of providing 
services through the Internet, discloses issuing a request for a scanner from a browser operating 
on the workstation to a network server via a computer network and further discloses protecting 
access to all applets from server by using a verification process, verifying workstation credentials 
to ensure that the user is authorized and transmitting workstation credentials to the network 
server (column 7, line 45 through column 8, line 60); Greenfield et al also mentions that 
alternatively verification can also be performed in local client machine that meets the recitation 
of verifying workstation credentials to workstation policy (column 8, lines 24-30). Greenfield 
et al also suggests (column 7, lines 23-30) implementation of Java publication by McGraw et al 
which discloses the importance of authentication of remote users, systems, and applets: ensuring 
that the host is a trusted host, the module to be downloaded is trusted and given the 
authentication, next feature security system should provide is user authorization regarding level 
of access (pages 4-5 authentication section and page 12). More security features are also
disclosed such as encryption, log-in, non-repudiation, etc. regarding downloadable code from an 
Internet. Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Gaul, Jr. to include verification of workstation 
credentials based on workstation policy to grant access to the server and user authentication 
when the workstation is secure as taught and suggested by Greenfield et al. One skilled in the 
art would have been led to make such a modification because it allows the application to run in
an authorized set of trusted applications to prevent codes that contain viruses from executing in 
the machine and in addition ensure that the user is authorized to perform the requested operation 
(column 3, lines 35 through column 4, line 13 and column 6, lines 50-62) as suggested by 
Greenfield. 

As per claim 4, Gaul, Jr. discloses the limitation of further comprising the step of 
completing a repair operation by the scanner to address a security vulnerability identified by the 
scanner in response to completing the vulnerability assessment of the workstation (see page 2, 
paragraph 0018). 

As per claims 6, 9, and 14, the combined references above disclose the limitation of 
wherein the step of issuing a request for a scanner comprises the browser issuing a request for a 
Web page at the network server, the Web page hosting the scanner as a plug-in control available 
for installation with the browser (see Greenfield, column 6, lines 22-50). These claims are 
rejected on the same rationale as the rejection of claims 1 and 7. 

Claims 8 and 10 recite the same inventive concept as claims 1, 6, and 7. Therefore,
claims 8-10 and 17 are rejected on the same rationale as the rejection of claims 1, 6, and 7. 

As per claims 11 and 13, claim 11 recites some of the limitations of the rejected claims 1
and 8. Therefore claim 11 is rejected on the same rationale as the rejection of claims 1 and 8.

As per claim 12, Claim 12 recites the same inventive concept as recited in claims 8-10 
and 17 except for using a CGI script which is also suggested by Greenfield et al (see column 7, 
lines 35-45). Therefore, claim 12 is rejected on the same rationale as the rejection of claims 1 
and 8-10 and 17. 

As per claims 15-20, the combined references above disclose the limitation of receiving 
credentials associated with a user from a browser and authenticating the user based on the 
credentials, and further discloses that the invention can be Internet based, for example (see 
Greenfield, column 8, lines 1-15). 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure as the art discloses the use of servicing workstations through browser application and 
identifying security vulnerabilities. 
US Patent: 6,429,952 Olbricht; 5,872,915 Dykes et al; 6,301,668 Gleichauf et al; 6,041,347 Harsham et al; 6,275,938 Bond et al; 5,875,296 Shi et al.

4.1 Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR
system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

Carl Colin
Patent Examiner

July 7, 2005

AYAZ SHEIKH
SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 2100




